Skip to navigation
Latest News

Hack attack targets cash machine jackpot

bank card

By Reuters

Posted on 28 Jun 2010 at 08:06

A security expert says flaws in the design of some cash machines make them vulnerable to hackers, who could make the cash dispensers spit out their cash contents.

Barnaby Jack, head of research at security firm IOActive Labs, will demonstrate methods for "jackpotting" ATMs at the Black Hat security conference next month.

“ATMs are not as secure as we would like them to be,” said Jeff Moss, founder of the Black Hat conference. “Barnaby has a number of different attacks that make all the money come out.”

Jack declined to discuss his techniques before the conference, but his comments will send bank security staff into a panic.

If the attacks are as effective as Jack claims then making them public would allow crooks to adopt his methods, but Moss said that going public would raise awareness of the problem among ATM operators and prompt them to tighten security.

One potential route of attack is via communications ports that are sometimes accessible from outside an ATM, Moss said.

“You want everybody to know there are possible ways to jackpot these machines, so they will go and get their machines updated,” he said.

Joe Grand, a hardware security expert, said he was not surprised to learn of Jack's research.

“People are starting to realise that hardware products do have security vulnerabilities. Parking meters, ATMs, everything that has electronics in it can be broken,” Grand said. “A lot of times a hardware product is just a computer in a different shell.”

Is your business a social business? For helpful info and tips visit our hub.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

Banks and Security

Regrettably I think it is unlikely that this news will send banks in to a panic. I've come to the conclusion that banks are a lot less bothered about security than they ought to be.

By jgwilliams on 28 Jun 2010

Guess who pays for security?

The added costs to the banks of increased security will be paid for by the people who always pay - the sustomers!

The first (and only rule of business) is:

The customer ALWAYS pays.

By BornOnTheCusp on 28 Jun 2010

No surprises...

Ever since I saw a cash machine Blue Screen, I've never really trusted them any more to keep money safe....

By all4nothing on 28 Jun 2010

No blue screen, but...

I have seen one come up with an error message, if I remember correctly it was whining about being unable to contact a DHCP server. None of the keys on the keypad would clear it. Wish I'd taken a picture now!

By mspritch on 29 Jun 2010

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.